Home Protection From FireSheep (Hint: It’s Not BlackSheep)

Protection From FireSheep (Hint: It’s Not BlackSheep)

Since the Firesheep extention was released a couple of weeks ago, more people have been paying attention to security vulnerabilities that can happen while using unsecured Wi-Fi networks. Indeed, as developer Eric Butler said when he created and released Firesheep, that was sort of the point.

Since Firesheep was released, there have been a number of countermeasures developed, ostensibly to warn if not protect users from potential side-jacking. Blacksheep, released earlier this week by Zscaler, generates “fake traffic” then monitors the network to see if Firesheep is active.

But Blacksheep warns you that it is, then what? Other than shutting off your notebook and perhaps relocating to a different cafe with free Wi-Fi, what are your options?

This series on data security and privacy is brought to you by IBM. Find out more about how IBM is creating a Smarter Planet.

HTTPS, Everywhere

If the point of Butler’s Firesheep was to expose the vulnerabilities of most major websites due to unencrypted cookies, then it’s a missed opportunity arguably if the solution is just a bandaid like Blacksheep. As Butler says, “The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL.” That’s the argument that many groups, like the EFF are making (and have been making for some time). Rather than calling for add-ons that alert you to Firesheep or calling for encrypted Wi-Fi, the answer is to implement HTTPS across the Web.

Currently, we demand HTTPS log-ins for our financial transactions. Gmail made the switch to HTTPS in January. And in response to Firesheep, others have followed suit. Hotmail added the option earlier this week, as did GitHub.

But many major websites, including Facebook, Yahoo, and Twitter, have yet to do so.

The non-profit group Access has launched a campaign to draw attention to the problem, arguing that HTTPS should become the “industry standard.”

Until then, you can install EFF’s HTTPS Everywhere add-on for your Firefox browser. It will automatically demand a secure connection if one is available. You can install tools like Blacksheep or Fireshepherd. You can set up a VPN. Or, I guess, you can stay off of Wi-Fi.

Sheep photo by Micia; fire photo by huibidos

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.